Forum Komputery Wirusy, trojany, spyware
ZMIEŃ
    Dodaj do ulubionych

    sprawdzenie loga

    IP: *.xdsl.centertel.pl 06.03.10, 18:28
    czy może ktoś sprawdzić tego loga i napisać mi co dalej zrobić bo
    wykryto mi ponad 100 zainfekownych plików. pomocy
    Malwarebytes' Anti-Malware 1.44
    Wersja bazy definicji: 3510
    Windows 5.1.2600 Dodatek Service Pack 2
    Internet Explorer 6.0.2900.2180

    2010-03-06 17:29:23
    mbam-log-2010-03-06 (17-29-22).txt

    Typ skanowania: Pełne skanowanie (C:\|D:\|)
    Przeskanowane obiekty: 144151
    Upłynęło: 1 hour(s), 3 minute(s), 16 second(s)

    Zainfekowane procesy w pamięci: 0
    Zainfekowane moduły pamięci: 0
    Zainfekowane klucze rejestru: 23
    Zainfekowane wartości rejestru: 5
    Zainfekowane pliki rejestru: 1
    Zainfekowane foldery: 16
    Zainfekowane pliki: 58

    Zainfekowane procesy w pamięci:
    (Nie wykryto groźnych plików)

    Zainfekowane moduły pamięci:
    (Nie wykryto groźnych plików)

    Zainfekowane klucze rejestru:
    HKEY_CLASSES_ROOT\explorerbar.funexplorer (Adware.DoubleD) ->
    Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{ac5ab953-ed25-4f9c-87f0-b086b0178ffa}
    (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{6160f76a-1992-4b17-a32d-0c706d159105}
    (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86}
    (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats
    \{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) ->
    Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
    \Browser Helper Objects\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86}
    (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\explorerbar.funexplorer.1 (Adware.DoubleD) ->
    Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{877f3eab-4462-44df-8475-6064eafd7fbf}
    (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86}
    (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{c28a0312-c403-417b-a425-a915bc0519cd}
    (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats
    \{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) ->
    Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
    \Browser Helper Objects\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86}
    (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet
    Explorer\SearchScopes\{cdbfb47b-58a8-4111-bf95-06178dce326d}
    (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats
    \{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) ->
    Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\MADOWN (Worm.Magania) -> Quarantined and
    deleted successfully.
    HKEY_CURRENT_USER\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}
    (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\DoubleD (Adware.DoubleD) -> Quarantined
    and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Internet Saving Optimizer
    (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Media Access Startup (Adware.DoubleD) ->
    Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\DoubleD (Adware.DoubleD) -> Quarantined
    and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Internet Saving Optimizer
    (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Media Access Startup (Adware.DoubleD) ->
    Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstal
    l\{16b6279b-9ff5-41fb-8bf9-404324f5dd1f}}_is1 (Adware.DoubleD) ->
    Quarantined and deleted successfully.

    Zainfekowane wartości rejestru:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet
    Explorer\Toolbar\WebBrowser\{5617eca9-488d-4ba2-8562-9710b9ab78d2}
    (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{0ba0192d-
    94a5-45e3-b2b8-3ec5a1a0b5ec} (Adware.DoubleD) -> Quarantined and
    deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{2224e955-
    00e9-4613-a844-ce69fccaae91} (Adware.DoubleD) -> Quarantined and
    deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cdoos
    oft (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\adsl
    taskbar (Trojan.Agent) -> Quarantined and deleted successfully.

    Zainfekowane pliki rejestru:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
    \Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -
    > Bad: (0) Good: (1) -> Quarantined and deleted successfully.

    Zainfekowane foldery:
    C:\Program Files\DoubleD (Adware.DoubleD) -> Quarantined and deleted
    successfully.
    C:\Program Files\DoubleD\JuicyAccess Toolbar (Adware.DoubleD) ->
    Quarantined and deleted successfully.
    C:\Program Files\Internet Saving Optimizer (Adware.DoubleD) ->
    Quarantined and deleted successfully.
    C:\Program Files\Internet Saving Optimizer\3.8.1.4690
    (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\Internet Saving Optimizer\3.8.1.4690\Data
    (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\Internet Saving Optimizer\3.8.1.4690\FF
    (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\Internet Saving Optimizer\3.8.1.4690\FF\chrome
    (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\Internet Saving Optimizer\3.8.1.4690
    \FF\chrome\content (Adware.DoubleD) -> Quarantined and deleted
    successfully.
    C:\Program Files\Internet Saving Optimizer\3.8.1.4690\FF\components
    (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\Media Access Startup (Adware.DoubleD) ->
    Quarantined and deleted successfully.
    C:\Program Files\Media Access Startup\2.0.0.1050 (Adware.DoubleD) ->
    Quarantined and deleted successfully.
    C:\Program Files\Media Access Startup\2.0.0.1050\Data
    (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\Media Access Startup\2.0.0.1050\FF
    (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\Media Access Startup\2.0.0.1050\FF\chrome
    (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\Media Access Startup\2.0.0.1050\FF\chrome\content
    (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\Media Access Startup\2.0.0.1050\FF\components
    (Adware.DoubleD) -> Quarantined and deleted successfully.

    Zainfekowane pliki:
    C:\Program Files\Media Access Startup\2.0.0.1050\HPIEAddOn.dll
    (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\Internet Saving Optimizer\3.8.1.4690\NPIEAddOn.dll
    (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\1di1w.exe (Spyware.OnlineGames) -> Quarantined and deleted
    successfully.
    C:\6ruaqx.exe (Spyware.OnlineGames) -> Quarantined and deleted
    successfully.
    C:\9b9w3.exe (Spyware.OnlineGames) -> Quarantined and deleted
    successfully.
    C:\9g86.exe (Spyware.OnlineGames) -> Quarantined and deleted
    successfully.
    C:\hjvjte.exe (Spyware.OnlineGames) -> Quarantined and deleted
    successfully.
    C:\mbvd.exe (Spyware.OnlineGames) -> Quarantined and deleted
    successfully.
    C:\nqdymj.exe (Spyware.OnlineGames) -> Quarantined and deleted
    successfully.
    C:\s3ek.exe (Spyware.OnlineGames) -> Quarantined and deleted
    successfully.
    C:\se12ydam.exe (Spyware.OnlineGames) -> Quarantined and deleted
    Obserwuj wątek
      • kolobos Re: sprawdzenie loga 06.03.10, 18:30
        Wroc jak juz nauczysz sie czytac! forum.gazeta.pl/forum/w,430,102884243,102884243,Przeczytaj_zanim_napiszesz_Zasady_dzialu_.html

        • Gość: martita5433 Re: sprawdzenie loga IP: *.xdsl.centertel.pl 06.03.10, 20:34
          a więc znaczy że wystarczy jak wkleje loga na wklej.org? bardzo
          proszę o dośc proste wytłumaczenie bo nie mam praktycznie żadnej
          wiedzy na ten temat. pobrałam sobie ten program otl. i już powstały
          mi chyba 2 logi. z góry dziękuję za odp.
          • Gość: @ Re: sprawdzenie loga IP: *.chello.pl 06.03.10, 21:16
            Umieść te logi na wklej.org i w poście podaj linki do logów.
            • Gość: martita5433 Re: sprawdzenie loga IP: *.xdsl.centertel.pl 06.03.10, 21:45
              wklej.org/id/291615/
              wklej.org/id/291619/
              te dwa logi powstały mi po skanie w otl.
      • Gość: @ Re: sprawdzenie loga IP: *.chello.pl 06.03.10, 22:23
        Do okna Custom Scans/Fixes wklej:

        :OTL
        IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.theprizeday.com/today.php
        O32 - AutoRun File - [2010-03-06 17:29:25 | 000,000,051 | RHS- | M] () - C:\autorun.inf
        • kolobos Re: sprawdzenie loga 07.03.10, 00:18
          Zamiast Pandy mozna zainstalowac KB971029. MS sie w koncu postaral i zablokowal autostart z pendrive'ow itp. Szkoda, ze dopiero teraz..
    Inne wątki na temat:

    Najnowsze z forum Wirusy, trojany, spyware

    Nie masz jeszcze konta? Zarejestruj się

    Nakarm Pajacyka
    Osoby zamieszczające wypowiedzi naruszające prawo lub prawem chronione dobra osób trzecich mogą ponieść z tego tytułu odpowiedzialność karną lub cywilną. Regulamin
    Treści z serwisów internetowych Grupy Wyborcza.pl oraz serwisu tokfm.pl prezentujemy w ramach komercyjnej współpracy z ich wydawcami: Wyborcza sp. z o.o. oraz Grupą Radiową Agory sp. z o.o.